
Western Energy Companies Under Sabotage Threat

timothy posted about a month ago | from the shame-if-anything-was-t'-happen dept.

Security 86

An anonymous reader writes In a post published Monday, Symantec writes that western countries including the U.S., Spain, France, Italy, Germany, Turkey, and Poland are currently the victims of an ongoing cyberespionage campaign. The group behind the operation, called Dragonfly by Symantec, originally targeted aviation and defense companies as early as 2011, but in early 2013, they shifted their focus to energy firms. They use a variety of malware tools, including remote access trojans (RATs) and operate during Eastern European business hours. Symantec compares them to Stuxnet except that "Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required."


86 comments


Dragonfly by Symantec (5, Funny)

OzPeter (195038) | about a month ago | (#47359759)

I read The group behind the operation, called Dragonfly by Symantec as that Symantec had a group called Dragonfly, and they were performing the espionage.

And my thought processes didn't toss that out as being unreasonable.

Re:Dragonfly by Symantec (0)

Anonymous Coward | about a month ago | (#47359971)

I read it the same way. A well placed comma would go a long way...

Re:Dragonfly by Symantec (3, Insightful)

alphatel (1450715) | about a month ago | (#47360619)

I read it the same way. A well placed comma would go a long way...

Or a properly placed quotation:

The group behind the operation, called "Dragonfly" by Symantec

Re:Dragonfly by Symantec (1)

LifesABeach (234436) | about a month ago | (#47362055)

My thoughts were, "Did Symantec get a 20 year old copy of Microsoft's legal briefs?" (not Bill Gates' briefs... XD)

Re:Dragonfly by Symantec (0)

Anonymous Coward | about a month ago | (#47362647)

I read it the same way. A well placed comma would go a long way...

Or a properly placed quotation: The group behind the operation, called "Dragonfly" by Symantec

Well, not really or. A comma is actually not an option. Your solution of adding quotations and italics is excellent, however.

Re:Dragonfly by Symantec (1)

Anonymous Coward | about a month ago | (#47359981)

That anti-malware companies have been the source of malware is a constant rumor. Ever since the Internet was opened to the public. And, before.
I remember the days when sneaker-net was used even among Macs on the first AppleTalk networks at the company that I worked at. One network kept getting viruses. A consultant was called in to find and eliminate the virus. This happened several times before they discovered the source of the virus was a 3.5" floppy disk that the virus-busting consultant gave to an end loser with "resource" files. The consultant had laid the virus trap so that he would receive clean-up assignments every two weeks or so. Sometimes the "sheriff" is the "thief".

Re:Dragonfly by Symantec (0)

Anonymous Coward | about a month ago | (#47360031)

It wasn't until I read the whole thing that I realized they meant "which Symantec has named Dragonfly". There's a few dozen ways that I can think to write that so that it makes sense, however the way they chose I feel like the only way it can be interpreted is as you describe, "Dragonfly by Symantec" is the name. After cycling through the possible ways to word it less ambiguously, to put it nicely, it seems that putting the subject at the end of the phrase, as well as having no verb, are their primary mistakes.

Dragonfly by Symantec... hey, that could sell! (1)

swschrad (312009) | about a month ago | (#47360857)

you know it's working by the buzz your production machinery makes on the other side of the office wall. well, almost more of a roar....

We know (-1)

Anonymous Coward | about a month ago | (#47359817)

No shit. The whole western world, except a few countries, is the victim of an ongoing cyberespionage campaign. The group behind it calls the NSA.

As if you needed proof that the UK is irrelevant (-1)

Anonymous Coward | about a month ago | (#47359913)

on the world stage .. not even important enough to be on a cyberespionage hit list. Thank you, David Cameron. Thank you Very Much.

How is this any different than any other day? (0)

Anonymous Coward | about a month ago | (#47359939)

Practically speaking, if you don't secure your network like you're under attack at all times, what the hell are they paying you for?

Re:How is this any different than any other day? (4, Insightful)

Errol backfiring (1280012) | about a month ago | (#47360025)

To bear the blame if things go wrong. Oh, you want quality? Sorry, in the modern everything-must-be-done-yesterday-at-no-cost IT sector, quality is usually not an option. There's no market for quality.

Bingo. (1)

Anonymous Coward | about a month ago | (#47360509)

I work for a "western energy company."

We have dozens of sites, and a half dozen huge ones as they're power stations.

We have 3 network techs and 2 security people that are constantly traveling hundreds of miles to reach them all. But somehow we have 5 Sharepoint people... (God I hate management)

Re:Bingo. (0)

Anonymous Coward | about a month ago | (#47361343)

"We have 3 network techs and 2 security people that are constantly traveling hundreds of miles to reach them all" you are doing it wrong

Re:Bingo. (0)

Anonymous Coward | about a month ago | (#47369487)

You obviously have no understanding of how ICS networks are designed. An air-gapped network is more common than not due to a number of reasons. Physical location being one, as many facilities are located in remote locations that can best be described as "off the grid".

So, yes, sending network technicians out to each site is not unusual at all. Plant managers are more than willing to pay the cost and deal with the inconvenience of having people on site performing the work as opposed to remotely. Having your network crater due to a "tee-hee-oops" error is a pain in a normal office. It can be catastrophic in an industrial facility.

Re:How is this any different than any other day? (1)

AHuxley (892839) | about a month ago | (#47364431)

Having real staff watch over a site has now been replaced with cheap networking. That network is the free 'internet' and a few skilled staff can watch over many sites 24/7.
Staff numbers could be cut, fewer real experts would be needed.
The networks are not hardened or unique to a plant or site. Too much consumer grade software and networking open to the outside world was used.
This is not news, was not unexpected and is an ongoing issue due to cost cuts and staffing ... i.e. an onsite design issue.

Attribution (3, Interesting)

Ceriel Nosforit (682174) | about a month ago | (#47359947)

"...the group mostly worked between Monday and Friday, with activity mainly concentrated in a nine-hour period that corresponded to a 9am to 6pm working day in the UTC +4 time zone."

Which government has working days like that? Is it the Russians?

Re:Attribution (3, Informative)

thieh (3654731) | about a month ago | (#47360055)

Anywhere from Eastern Europe (UTC+2, 7AM-4PM) to Myanmar (UTC+6:30, 11:30AM-8:30PM) would also be reasonable, no?

Re:Attribution (2)

Ceriel Nosforit (682174) | about a month ago | (#47360429)

No, it would not... Government bureaucracy is so rigid that we can have much better guesses than that. We should be able to eliminate most countries in this range, and their enemies to accommodate false-flag ops, and subtract according to capability. You get a short-list and then you just wait for the smoking gun.

Re:Attribution (0)

Anonymous Coward | about a month ago | (#47360571)

It's reasonable to assume this is happening somewhere in the Zulu +3,+4 zones (European Russia) unless somebody in the Zulu +8 zone (China) or in the Zulu -8,-7,-6,-5,-4 zones (USA) is intentionally skewing their working hours to shift suspicion onto the occupants of Zulu +3,+4. It could also be Zulu +2 (Israel) but they are too much in sync with the Russian working day, it would make more sense for them to blame this on the USA or the Chinese. But time shifting is a bit of a long shot isn't it? Common sense tells one that this is a classic example of one of those mundane things that people forget after obsessing for years over security and covering their tracks ..... however, on second thought..... perhaps whoever is doing this was clever enough to think of time shifting after all and this really is the NSA or the Chinese MSS at work...... Are you confused now?

Re:Attribution (1)

Lawrence_Bird (67278) | about a month ago | (#47360775)

It is also reasonable to assume that any government sanctioned, or even criminal/mafia types would use just that type of info to hide their own involvement. Location and time are really pretty useless.

Re:Attribution (1)

AHuxley (892839) | about a month ago | (#47364527)

Any country can fake an entry point in another country with timezones to match or use their own diaspora to fake a networking origin.
Who is using code, paying for code, where it is uploaded or controlled from can be well covered from a list of nations.
So many groups in gov, mil, the private cyber security contracting sector have really been pushing stories like this for the past decades.
The tame press, AC's, academics and sock puppets then drum up the need for expensive products and new cyber laws to cover simple network cost cutting.

Re:Attribution (0)

Anonymous Coward | about a month ago | (#47360621)

Further East, I dare venture... Those hours must fit the schedule of a twenty year old insomniac working in the dead of night from his mother's basement, who goes to collect his Government-issued black ops paycheck once a month but otherwise rarely sees the light of day.

Re:Attribution (-1)

Anonymous Coward | about a month ago | (#47360107)

Which government has working days like that? Is it the Russians?

Government employees working?

It can't be anywhere Republicans are in charge.

Re:Attribution (-1)

Anonymous Coward | about a month ago | (#47360235)

Which government has working days like that? Is it the Russians?

Government employees working?

It can't be anywhere Republicans are in charge.

I didn't think Republicans would have a government if they had things their way? In their utopia everybody would become millionaires the instant government is abolished and move to Galt's Gulch.

Re:Attribution (0)

Anonymous Coward | about a month ago | (#47360177)

One step closer to full thermonuclear warfare. Between the Chinese possibly flexing their military on HK (to double-down on the Pacific as a show of force) to Russia taking of the Ukraine, some serious shit is about to happen in the next few years.

End times, or a self-fulfilling prophecy? You decide.

Re:Attribution (2)

ColdWetDog (752185) | about a month ago | (#47360553)

"The International situation is desperate, as usual"
-- Tom Robbins

Re:Attribution (2)

PPH (736903) | about a month ago | (#47360587)

Iran? If they start work at 8:00.

Re:Attribution (1)

Ceriel Nosforit (682174) | about a month ago | (#47363343)

Iran? If they start work at 8:00.

Iran: Saturday-Thursday, 46h/week (8h, 6h on Thursdays)

- https://en.wikipedia.org/wiki/... [wikipedia.org]

Well well well!

Israel: Sunday-Thursday, 8.5h
Russia: Monday-Friday, 8h
United Arab Emirates: Sunday-Thursday, 8h
Saudi Arabia: Sunday-Thursday, 10h

China: Monday-Friday, hours unlisted.

So the short-list got shorter. Here I was thinking everybody worked the same days.

Usual business hours in Russia:

Banks 8am or 9am-5pm or 6pm Mon-Fri

Offices 8am or 9am-5pm or 6pm Mon-Fri

- http://www.lonelyplanet.com/ru... [lonelyplanet.com]

Russia has no shortage of enemies who might false-flag them, but the short-list is still manageable. Dragonfly probably won't be able to move much without being attributed.

Threat-level: minimal. Political gun which can not actually be used.
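The working-hours argument above, as an added example (not code from the thread or from Symantec): given activity timestamps in UTC, score every offset in 30-minute steps by how much of the activity lands inside a 09:00-18:00 working window, then check which working-week convention listed above (Mon-Fri, Sun-Thu, Sat-Thu) fits best. The event timestamps are constructed to mimic an actor in UTC+4; nothing here is real Dragonfly data.

```python
"""Working-hours attribution check (constructed data, not real Dragonfly telemetry).

Symantec reported Dragonfly activity concentrated Monday to Friday, 09:00-18:00
in UTC+4.  This shows how such an estimate is derived from timestamps and how
wide the plausible band of offsets really is.
"""
from datetime import datetime, timedelta, timezone

# Working-week conventions quoted in the thread (Python weekday(): Mon=0 .. Sun=6).
WORK_WEEKS = {
    "Mon-Fri": {0, 1, 2, 3, 4},
    "Sun-Thu": {6, 0, 1, 2, 3},
    "Sat-Thu": {5, 6, 0, 1, 2, 3},
}


def constructed_events():
    """Constructed sample: an actor active 09:00-17:30 Mon-Fri in UTC+4 for
    three weeks from Monday 2014-06-02, plus a few off-hours events as noise."""
    actor_tz = timezone(timedelta(hours=4))
    start = datetime(2014, 6, 2, tzinfo=actor_tz)   # a Monday, midnight local
    events = []
    for day in range(21):
        d = start + timedelta(days=day)
        if d.weekday() < 5:
            for hour, minute in ((9, 0), (12, 0), (14, 30), (17, 30)):
                events.append(d.replace(hour=hour, minute=minute))
    # Noise: 02:00 local on a few weekdays, and one Saturday late morning.
    for day in (0, 2, 7, 14):
        events.append((start + timedelta(days=day)).replace(hour=2))
    events.append((start + timedelta(days=5)).replace(hour=11))
    return [e.astimezone(timezone.utc) for e in events]


def score_offsets(events_utc, start_hour=9, end_hour=18,
                  workdays=WORK_WEEKS["Mon-Fri"]):
    """Map each UTC offset (UTC-12:00 .. UTC+14:00, 30-minute steps) to the
    fraction of events inside [start_hour, end_hour) on a workday."""
    scores = {}
    for half_hours in range(-24, 29):
        tz = timezone(timedelta(minutes=30 * half_hours))
        hits = 0
        for ts in events_utc:
            local = ts.astimezone(tz)
            if local.weekday() in workdays and start_hour <= local.hour < end_hour:
                hits += 1
        scores[half_hours / 2] = hits / len(events_utc)
    return scores


def best_offsets(scores, slack=0.0):
    """Offsets whose score is within `slack` of the best score, ascending."""
    top = max(scores.values())
    return sorted(off for off, s in scores.items() if s >= top - slack)


def workweek_fit(events_utc, offset_hours):
    """At one offset, the share of events that fall on each convention's workdays."""
    tz = timezone(timedelta(hours=offset_hours))
    days = [ts.astimezone(tz).weekday() for ts in events_utc]
    return {name: sum(d in wd for d in days) / len(days)
            for name, wd in WORK_WEEKS.items()}


if __name__ == "__main__":
    ev = constructed_events()
    sc = score_offsets(ev)
    best = best_offsets(sc)
    print("best UTC offset(s):", best, "score %.3f" % sc[best[0]])
    for name, share in workweek_fit(ev, best[0]).items():
        print("  %-8s %.3f" % (name, share))
    # A little slack widens the band to roughly UTC+1 .. UTC+7: three of the
    # four daily events still fit the window when shifted by up to three hours.
    print("within 0.25 of best:", best_offsets(sc, slack=0.25))
```

The exact-fit answer is UTC+4 with a Mon-Fri week, but the slack run shows why "Eastern Europe to Myanmar" is not an unreasonable reading of the same data.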

Re: Attribution (0)

Anonymous Coward | about a month ago | (#47360611)

It's a fly-by-night operation, so obviously located in the US.

Re:Attribution (2)

flyingsquid (813711) | about a month ago | (#47361437)

To establish guilt in a crime, you try to identify who has means, motive, and opportunity. The working hours provide you information on opportunity; not to say that someone from China or North Korea couldn't attack during Eastern European business hours, but this tends to point to Eastern Europe as being the most likely source.

That brings us to means. Who has the capability to launch a campaign of this scope and duration? Anybody can launch a cyberattack, but relatively few countries have the resources to launch attacks against multiple organizations, in multiple countries, over many years. The big players in cyberwarfare are a relatively exclusive club, and would include the United States, Israel, China, North Korea, and Russia. So our suspect is almost certainly one of those countries.

Which brings us to motive. Who might want to attack these countries? The U.S. has a long list of enemies; certainly China, North Korea, or Russia might be interested in attacking the U.S. or at least having the capability to do so. Having the U.S. on this hit list tells us little. But what about the other countries? They include Spain, France, Italy, Germany, Turkey, Poland, Romania, Greece, and Serbia. With the exception of Serbia, every single one of those countries is a member of NATO. And NATO was created specifically to counter and deter Russia. So now put it all together: the attacks appear to be coming from Eastern Europe, the only country on the list of cyberwarfare powers in that area is Russia, almost all of the countries are part of a military alliance designed to counter Russia...

Re:Attribution (1)

AHuxley (892839) | about a month ago | (#47364753)

Any group can be used to fake an IP and work on shifts or use friendly 'locals' to provide the press spin of the expected evil/cover country of origin.
Lots of software gets tested, lost, sold, rebuilt and retested in the wild by many different groups.
A nation state would have real staff, real experts and real connections to the power sector to test all they like without any code needing a live test.
Why show your hand even if you need to test live? Why risk your skilled tight code floating around for many other govs and skilled AV firms to study?
Skilled nations have vast crews working on other problems - unique, special, air gapped sites that can only be accessed by mil/gov or contractors. That's the focus of their experts, their spies, their dual citizens, people of the same faith long term.
Motive for this is just the usual new security product to sell/rent, domestic laws to change, political grandstanding.
The win is a boondoggle, security sector lobbying and press fun for the bellicose and militaristic.
Real nations have much more interesting long term projects to task on much more interesting sectors ie open networks are open to everybody on the 'net'.

Re:Attribution (1)

c (8461) | about a month ago | (#47364901)

Which government has working days like that?

A better question is "which hackers have working days like that"? Why would anyone expect criminals to work 9-to-5 jobs? I'd expect something more along the line of noon-to-hey-let's-go-get-piss-drunk-and-sleep-in-until-noon.

Jesus Christ, just use OpenBSD! (0)

Anonymous Coward | about a month ago | (#47359963)

For crying out loud, there's an easy solution to the software security problem: just use OpenBSD!

OpenBSD has been designed and built from the ground up to be nearly impervious to malicious intent. It may not be 100% perfect, but it's about as damn close as you're ever going to get.

It isn't just secure, but it gives you a very capable UNIX-like environment, too! That's what's so great about it. You get great security, without having to resort to using a stupidly limited environment.

OpenBSD is where it's at if you give a damn about security.

Re:Jesus Christ, just use OpenBSD! (2)

ColdWetDog (752185) | about a month ago | (#47360569)

No, there is no 'easy' solution to security and people like you are why it's harder than it should be. Security is an ongoing process, not something you just install. The minute you forget about that little detail is the minute that you get pawned.

That's the easy part.

Re:Jesus Christ, just use OpenBSD! (1)

evilviper (135110) | about a month ago | (#47364639)

OpenBSD has been designed and built from the ground up to be nearly impervious to malicious intent.

No it hasn't. It gets lots of code audits, which eliminate buffer overflows and the like, but does nothing to prevent properly operating malicious software. You want "trusted" computing for security against internal threats, and OpenBSD doesn't do it. Something like RHEL with SELinux properly configured and working, would offer better resilience to the kinds of attacks in question.

OpenBSD was no more immune to the OpenSSL heartbleed bug than any other platform.

No airgap? (4, Interesting)

thieh (3654731) | about a month ago | (#47359965)

I would have thought some of these should be airgapped for security reasons by design? Is it so hard to go to work these days that you have to hook it up to the outside?

Re:No airgap? (0)

Anonymous Coward | about a month ago | (#47360199)

Airgap requires on-site techs, or long lead times for maintenance and/or repair. Just hook it up to the net and anybody on the planet can connect and work on it. Duh, why pay for the former?

Re:No airgap? (0)

Anonymous Coward | about a month ago | (#47360229)

The problem is, the outsourced techs the company you contracted to do maintenance hired. You can't tell if they're just incompetent Indians or malicious Pakistani Muslims.

No airgap? (0)

Anonymous Coward | about a month ago | (#47360259)

airgaps aren't foolproof. You can do an acoustic analysis of the sounds of the keystrokes used to authenticate to the gapped machine. It's not quite as easy as it being linked to the public network without a gap, but it's not secure in and of itself.

Re:No airgap? (2)

BUL2294 (1081735) | about a month ago | (#47360471)

Yes, but now you'd need someone on-site, at the machine in question or on another PC within the airgapped network, to do their evil deeds. Doesn't matter if I know the password of the machine with the "NOC list" (from "Mission Impossible 1"); if the airgapped PC is physically thousands of miles away and/or I can't get into the site with the airgapped network, then what's the point??? I'm willing to bet some of the passwords on PCs within an airgapped network are "password", "12345", blank, "00000", etc.

And if you're really paranoid or anal, keyboards are cheap to replace -- or randomly cycle different brands/models/styles of keyboards between a set of PCs at random intervals...

Re:No airgap? (2)

mlts (1038732) | about a month ago | (#47360667)

Worst case, replace the keyboard with something like the Optimus Maximus keyboard with the keys changing characters every time a password is asked.

What really is needed are what we had before everything got linked to the Internet. We need separate networks. Examples of this would be SIPRnet, NIPRNet, and GRU's equivalents.

Yes, this network can be hacked, but it adds an additional barrier -- one has to hack the network (which likely will be designed with this in mind from the ground up), forge access as a trusted machine (tough, due to machines having their own public keys), then try to attack the targets themselves.

I wonder why this isn't done. I would think a "BIPRNet" would be obvious since it gets sensitive traffic and things like wide-open SCADA systems completely off the Internet, but still allows remote access and management.

Re:No airgap? (1)

evilviper (135110) | about a month ago | (#47364577)

And if you're really paranoid or anal, keyboards are cheap to replace -- or randomly cycle different brands/models/styles of keyboards between a set of PCs at random intervals...

Oh good! Now all I need to do is find a way to insert my hacked keyboard into the bunch from your order, and I can pwn your airgapped network in short order.

Once my malware is in, of course it'll spread over the insecure (no updates for systems on an air-gapped network) private network. From there, it could just cause everything to self-destruct at a prearranged time, or it could start searching for ways to communicate data back to me... be it the disabled wifi on one single machine on the network, or optical, if a machine with a webcam on the internet happens to be facing towards any of the air-gapped systems. Hell, depending on what it controls, you could modulate a tiny amount of information into the power grid output, or similar.

Re:No airgap? (5, Insightful)

swb (14022) | about a month ago | (#47360387)

I've done a couple of projects with engineering companies including one at a power plant. From what I've seen, the thing that tends to lead from air gapping to lack of airgapping is support.

The engineering companies don't have the IT infrastructure experience or skills in their engineering practice. They hired me to do basic stuff like SAN setup, switch configuration, VMware, etc.

The engineering company is required to provide support for their subsystem for a period of a couple of years and this includes everything IT related. Their office is hundreds of miles from the plant so problems with the IT environment require them to fly someone out. This is expensive, the guy who goes out has limited troubleshooting and they turn to me.

But they don't want to pay for my services on site, so ultimately they end up ungapping the environment so it can be supported with less cost. They have some security -- VPN only and possibly other restrictions which limit VPN connectivity, but they break the air gap.

They could maintain the air gap, but it would cost money -- support and travel costs, etc.

Ideally the engineering company would make IT systems part of their practice, but I think a lot of engineers have an "I'm an engineer" mentality which makes them think they're good at everything, so they see this as unnecessary. They could negotiate with the plant to engage their IT resources, but that would cost them money.

Re:No airgap? (2)

DigiShaman (671371) | about a month ago | (#47360889)

but I think a lot of engineers have an "I'm an engineer" mentality which makes them think they're good at everything

I got news for you. A lot of professionals are arrogant enough to think they're qualified to perform another craft. Same thing goes for Doctors, Lawyers, and well, IT folk as well.

Re:No airgap? (4, Funny)

VorpalRodent (964940) | about a month ago | (#47361263)

I am an engineer, but I agree with your assessment - I feel fully qualified to act as a doctor. None of my patients have complained, but if by chance one were to survive and make a fuss, I feel sufficiently competent as a lawyer that I'm sure I'd be okay.

Re:No airgap? (0)

Anonymous Coward | about a month ago | (#47363399)

Right. And as soon as you're done nailing picture frames with your HDD, you can hand it over for e-mail retrieval. You're just too lazy to get a real hammer.

Re:No airgap? (0)

Anonymous Coward | about a month ago | (#47361185)

I don't see how this situation necessitates a permanent network connection. The simplest solution would be to plug in the computers'/switches' WAN cable ONLY when there is a support action in progress; it would at least limit the period of vulnerability and any command/control. The best thing to do would be to have a specialized router/device that you could send to a client that is firewalled & encrypted like crazy to limit connections to only your company's network. Every software/hardware contractor would have their own box that could be hooked up to the computer/LAN only when support is necessary. If a company needs regular support they could pay to keep the box on hand; if they only need support once in a while it could be mailed to them and after the issue was resolved they would mail it back.

Re:No airgap? (1)

whoever57 (658626) | about a month ago | (#47365121)

I've done a couple of projects with engineering companies including one at a power plant. From what I've seen, the thing that tends to lead from air gapping to lack of airgapping is support.
...
They could maintain the air gap, but it would cost money -- support and travel costs, etc.

Ultimately, it's a profit problem. Increased costs == lower profits (at least in the short term). Possibly over the long term, a security breach could cost more than the cost of an airgapped solution.

Alternatively, if the key issue is support, why don't the critical systems have their own LAN and firewall which allows only connections with the necessary IPs and ports for the remote access solution?

Re:No airgap? (2)

asylumx (881307) | about a month ago | (#47360393)

Stuxnet affected airgapped machines...

No airgap? (0)

Anonymous Coward | about a month ago | (#47361359)

The problem is often that the operating manuals reside on the "back-office" side of the electric company. Even if the control system can't be accessed directly, the operator is fooled to click a link while using the control system, leading to a transfer of a malicious payload previously inserted into the back-office network. The operating procedures and the systems are fundamentally broken (essential components at the wrong side of the network) and humans are at fault.

Re:No airgap? (1)

evilviper (135110) | about a month ago | (#47364511)

I would have thought some of these should be airgapped for security reasons by design? Is it so hard to go to work these days that you have to hook it up to the outside?

These systems aren't just ignorantly plugged-in to an internet connection. But still, you NEED to be able to input data to them, including software updates, and you NEED to get data out, like real-time status updates sent to grid operators. Having someone typing-in every bit of data won't work, and connecting it to internet-connected systems by any method, such as RS-232 serial or others, or just sneakerneting with USB, DVD-Rs, etc., offers the possibility of hacking.

Welcome to the future! (2)

MRe_nl (306212) | about a month ago | (#47359991)

People no longer have an expectation of privacy, according to Mark Zuckerberg.
Corporations are people, according to recent laws.
Ergo please stop whining, what goes around comes around, much like an enrichment centrifuge PLC : ).

Re:Welcome to the future! (0)

Anonymous Coward | about a month ago | (#47360303)

Mark Zuckerfuck should lose his right to life.

Re:Welcome to the future! (0)

jratcliffe (208809) | about a month ago | (#47360559)

Corporations are people, according to recent laws.

Only if you consider 1819 to be "recent."

https://en.wikipedia.org/wiki/... [wikipedia.org]

If the NSA has nothing better to do... (0)

Anonymous Coward | about a month ago | (#47360079)

Oh wait.

Bloody muslims (-1, Troll)

Chrisq (894406) | about a month ago | (#47360135)

again

Re:Bloody muslims (1)

currently_awake (1248758) | about a month ago | (#47360261)

More probably Russia. The first rule of superpowers- spy on everyone, all the time. Presumably they had to do this themselves because the NSA doesn't bother spying on them (and Russia would certainly have backdoored the NSA's computers and data collection streams).

Solar panels/wind turbines/batteries (1)

biodata (1981610) | about a month ago | (#47360249)

There is an obvious solution

Re:Solar panels/wind turbines/batteries (0)

Anonymous Coward | about a month ago | (#47360351)

Why would a solar/wind farm be less hackable than a coal power plant?

perhaps a slice of crow for the US? (2)

nimbius (983462) | about a month ago | (#47360341)

America patented this handy attack vector during the cold war. The CIA once destroyed a gas pipeline in 1982 by hacking malicious controls software into a system purchased by them from Canada. The pipeline software that was to run the pumps, turbines and valves was programmed to go haywire, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to the pipeline joints and welds.
Again, the US did this in 2010 in collusion with Israeli Mossad, who were at the time busy with bomb attacks against key nuclear scientists in Iran. Stuxnet was meant to sabotage the uranium enrichment facility at Natanz. The worm worked by first causing an infected Iranian IR-1 centrifuge to increase from its normal operating speed of 1,064 hertz to 1,410 hertz, causing repeated stress and ultimately failure.

Now the cows have come home. America is finding itself on the receiving end of increasingly sophisticated attacks against its 60 year old reactors and control systems by proxy. Smaller western nations use the same GE technology and concepts while arguably being 'under the radar' enough to avoid major investigation into penetrations that would result in increased security of these systems by the US, or so I suspect the prevailing theory would be. It is no longer a matter of if, but when we as a country will take a seat for one of our famous 'teachable moments'.

Re:perhaps a slice of crow for the US? (0)

Anonymous Coward | about a month ago | (#47361165)

'Teachable moments' tend to end up going badly for those doing or trying to do the teaching. With cyber attacks now defined as a national security concern that allows military retaliation the stakes have been raised. The US loves blowing shit up even if they sometimes blow up the wrong target. And the US has always been a target for sophisticated cyber attacks. People need to stop judging US actions in a vacuum and totally ignoring the actions of those competing with US interests. It's already at the point where atrocities and meddling in other countries' affairs are perfectly acceptable as long as the US is somehow not involved. As long as you espouse anti-US demagoguery your actions are judged as virtuous, forward thinking, and totally justified. And this type of thinking is having some noticeable impact on the world today. Eastern Europe, South East Asia, and the Middle East are fermenting a level of destabilization not seen since prior to WW2 and there is no sign of any improvement anytime soon. If anything it will continue to get worse until another generation gets a first hand look at what true war and strife really means.

Re:perhaps a slice of crow for the US? (5, Interesting)

flyingsquid (813711) | about a month ago | (#47361601)

It's unquestionable that the U.S. has let this thing loose; the U.S. has perhaps the most advanced cyberwarfare capabilities (at least in terms of offense) of any country on earth, and having developed these weapons and techniques they can't complain too much if other countries start using them as well. However the idea is that cyberwarfare, just like conventional warfare, can and should be governed by a code of conduct. The idea would be that targets that would be considered off-limits to conventional attacks would also be off-limits to cyber-attacks. So it would be considered acceptable to attack the enemy's command-and-control network, their radars, their weapons systems, or military shipping and transport... but not to attack civilian infrastructure such as electricity, water supply, trains, banks, the stock market, etc. etc. So far, U.S. actions are consistent with this policy; we have attacked Iran's nuclear facilities but haven't tried to take down their banks or power plants, even though we probably could. You can see this policy in action where the U.S. recently accused a number of Chinese soldiers of engaging in cyberwarfare against the U.S. The issue wasn't that they engaged in cyberwarfare, which we expect the Chinese to do. It was that they were attacking civilian targets for corporate espionage, and the U.S. wanted to send a message that while they expect the military to be attacked by the Chinese, and it's a legitimate target, it's not OK to target U.S. companies.

In the current case, it would appear that Russia doesn't accept the U.S. argument that civilian infrastructure should be off-limits. Whether the U.S. can complain here or not is debatable. The U.S. has targeted civilian infrastructure during conventional operations; they knocked out the power in Serbia during actions in Kosovo, for example. So the Russians could easily argue - and not without merit - that if it's OK to take out the power in Serbia using a stealth bomber and a conventional bomb, it ought to be OK to turn out the lights in the U.S. using a logic bomb.

Re:perhaps a slice of crow for the US? (1)

rahvin112 (446269) | about a month ago | (#47363741)

The Iranian nuclear plant is a power plant. But of course you are actually referring to the nuclear enrichment facilities which can be dual purpose civilian/military.

Re:perhaps a slice of crow for the US? (0)

Anonymous Coward | about a month ago | (#47364775)

All of the intelligence evidence so far (that we have been made aware of) has explicitly failed to find any evidence of a nuclear weapons program in Iran. So clearly Stuxnet violates this "code of conduct" that flyingsquid speaks of.

Re:perhaps a slice of crow for the US? (1)

rahvin112 (446269) | about a month ago | (#47371009)

The Iranians had documents from A.Q. Khan on how to construct the fissile core of the weapon, including blueprints. They've claimed they didn't request them and that they had no intention of using them, but the fact remains they had plans for constructing a weapon. There have also been other documents that were provided by intelligence agencies, such as the Persian PowerPoint presentation on how to build a re-entry vehicle for an ICBM.

The evidence is hardly non-existent.

Re:perhaps a slice of crow for the US? (1)

CrimsonAvenger (580665) | about a month ago | (#47364111)

but not to attack civilian infrastructure such as electricity, water supply, trains, banks, the stock market, etc. etc.

Dresden. Hamburg. Hiroshima. Nagasaki.

Numerous other cities in both Germany and Japan.

Step back to the 1800s, and we have Sherman's Neckties between Atlanta and Savannah (civilian railroads torn up by Union troops in Sherman's Army).

And that's just the USA.

Coventry.

Nanking.

Too many others to count....

Re:perhaps a slice of crow for the US? (1)

Rich0 (548339) | about a month ago | (#47364151)

The only reason the US doesn't bomb power plants is because this is counter to US interests. The US doesn't need to bomb the power plant to accomplish their objectives, and it is one less mess to deal with once they move into the decade-long mop-up before we give up and pull out.

If the US were dealing with an adversary where it actually could lose the war, the power plants would be gone in the first night. They're trivial to disrupt. Bridges, road junctions, you name it would all be on the target list. The goal is to disrupt the enemy's logistics, because they can't land an invasion force on Hawaii if they are busy trying to keep half their population from starving or freezing in the winter.

If you live near a big power plant, then say goodbye come WWIII.

Re:perhaps a slice of crow for the US? (0)

Anonymous Coward | about a month ago | (#47365397)

It's interesting how "the idea that cyberwarfare ... should be governed by a code of conduct" is only starting to get play in the last few years, when groups other than the US show signs of waking up to the possibilities.

Clearly, such nonsense wasn't necessary when the CIA were the only ones doing it.

Re:perhaps a slice of crow for the US? (0)

Anonymous Coward | about a month ago | (#47363567)

Mod this up informative and biting.

Re:perhaps a slice of crow for the US? (1)

evilviper (135110) | about a month ago | (#47364467)

the CIA once destroyed a gas pipeline in 1982 by hacking malicious controls software into a system purchased by them from Canada.

Your summary is just absolutely AWFUL. Obviously, no Canadian pipelines were damaged... Instead the CIA had a Canadian company sabotage their own SCADA software, knowing that the Soviet KGB was going to steal their pipeline control systems with that software on them.

Secondly, it's a story from a single source, unconfirmed, that has been disputed by others. So it may actually have been shoddy construction, instead of sabotage, which doesn't support your claim:

https://en.wikipedia.org/wiki/... [wikipedia.org]

now the cows have come home. America is finding itself on the receiving end of increasingly sophisticated attacks

Except the attacks were coming in hard and heavy long before Stuxnet. It's incredibly ridiculous to claim that nobody else would be doing it if the US didn't participate... It's just too tempting a target for the Chinese and Russians to miss out on, and the US allowing itself to fall behind would be disastrous and negligent.

http://www.afr.com/p/technolog... [afr.com]

It's the Russians (4, Insightful)

ziggystarsky (3586525) | about a month ago | (#47360379)

It's Russia because
- UTC+4 is one time-zone east of Moscow;
- it shifted to energy supplying firms with the beginning of the crisis in Ukraine (where Russia's gas deliveries are considered its only trump);
- it's either Russia or China in general.
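The working-hours inference the comment leans on can be tested rather than asserted. The block below is an added example, not code from the thread or from Symantec's report: it takes a constructed set of UTC activity timestamps (compile times or check-ins, invented here) and scores every UTC offset by how many events land in local weekday business hours, assuming a 09:00-18:00 working window. The result is a band of plausible offsets rather than one country, which is the caveat a defender should carry into any such attribution.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: UTC timestamps of attacker activity (compile times,
# C2 check-ins). Invented for this example, not real Dragonfly data.
SAMPLE_ACTIVITY_UTC = [
    "2014-03-03T05:12:00", "2014-03-03T06:40:00", "2014-03-03T09:05:00",
    "2014-03-04T04:58:00", "2014-03-04T07:30:00", "2014-03-04T12:45:00",
    "2014-03-05T05:20:00", "2014-03-05T10:10:00", "2014-03-05T13:55:00",
    "2014-03-06T06:02:00", "2014-03-06T08:15:00", "2014-03-06T11:30:00",
    "2014-03-07T05:45:00", "2014-03-07T09:50:00", "2014-03-07T14:05:00",
    "2014-03-08T07:00:00",  # a Saturday: should fit no weekday window
]

# Assumed local working window, [09:00, 18:00) Monday to Friday.
WORK_START, WORK_END = 9, 18


def parse_utc(ts: str) -> datetime:
    """Parse an ISO-8601 timestamp and mark it as UTC."""
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)


def in_business_hours(ts_utc: datetime, offset_hours: int) -> bool:
    """True if the event falls in weekday working hours at this UTC offset."""
    local = ts_utc.astimezone(timezone(timedelta(hours=offset_hours)))
    return local.weekday() < 5 and WORK_START <= local.hour < WORK_END


def score_offsets(timestamps, offsets=range(-12, 15)):
    """Map each candidate UTC offset to the fraction of events in-hours."""
    parsed = [parse_utc(t) for t in timestamps]
    return {off: sum(in_business_hours(p, off) for p in parsed) / len(parsed)
            for off in offsets}


def best_offsets(timestamps, tolerance=0.0):
    """All offsets within `tolerance` of the top score: the plausible set,
    not a single answer. Neighbouring offsets usually tie or nearly tie."""
    scores = score_offsets(timestamps)
    top = max(scores.values())
    return sorted(off for off, s in scores.items() if s >= top - tolerance)


if __name__ == "__main__":
    for off, s in sorted(score_offsets(SAMPLE_ACTIVITY_UTC).items()):
        print(f"UTC{off:+d}: {s:.2f}")
    print("plausible offsets:", best_offsets(SAMPLE_ACTIVITY_UTC, 1 / 16))
```

With this sample, UTC+4 and UTC+5 tie at 13 of 16 events in-hours and UTC+6 is one event behind, so the data alone narrows the actor to a few adjacent time zones, not to a country.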

Re:It's the Russians (1)

WindBourne (631190) | about a month ago | (#47361819)

Far more likely China. Russia already had the tech needed to efficiently drill.

Re:It's the Russians (-1)

Anonymous Coward | about a month ago | (#47361957)

or NSA trying to pad its budget, 'cause, you know, terrorists

Re:It's the Russians (0)

Anonymous Coward | about a month ago | (#47362277)

I wouldn't rule out Iran. Motive: retaliation for Stuxnet.

Symantec's naming convention... (0)

Anonymous Coward | about a month ago | (#47360567)

...needs work. This group is trying to commit sabotage and we give them a glamorous name like "Dragonfly"? These are the bad guys. What's wrong with names like "Stink Bug", "Sewer Rat", "Cockroach", or "Maggot"? If we are going to name these groups let's try not to make them sound like an elite group of super spies.

Decentralized power ? (2)

einar.petersen (1178307) | about a month ago | (#47361243)

Hmmm... Did anyone just say why don't we use this opportunity of reliance upon centralized power and the weakness thereof to get rid of the energy cartels and rely on decentralized power instead, thus making our nations stronger, more independent and resilient to both attacks and natural disasters? Just food for thought on a day that Solar Power just got greener and, not to mention, cheaper: http://www.geek.com/science/se... [geek.com]. The fact that power companies are being "attacked" is old news. The right path to take in the light of these "attacks" is one of energy self reliance. That means "self powering" each building and furthermore securing such installations from infograbbing / controlling entities looking out for their own profits with no real concern for your needs or finances.

TBH I'd be more worried... (2)

Torp (199297) | about a month ago | (#47361493)

... about the ones Symantec doesn't know about.
Also, I don't remember Symantec doing anything useful since like, forever. I remember them for purchasing Norton Utilities and turning them into a bloated mess. Should we trust them on this, or is their marketing department manufacturing a threat? :)

They work *at* these companies (0)

Anonymous Coward | about a month ago | (#47361517)

When I worked for a major defense contractor we had an employee that would occasionally sabotage projects we were working on. Really obvious stuff like going into labs and unhooking a bunch of stuff before demos and drilling holes in the circuit cards. It was obvious who it was because he was notorious for hopping around project teams and never really doing any work, but it didn't happen often enough that it looked like somebody just running around breaking stuff. At one point we had to go to security but they pretty much told us to get evidence that it was happening. They said if we didn't physically see it happening there was nothing that we or they could do. He just happened to be the only person that actively spoke Arabic on the phone during work hours, and we all knew whatever project he joined would 1) not have what he was assigned to done ever and another engineer would need to hero it through or 2) the things other people did would routinely "break". We knew that this would be a huge discrimination issue for us engineers with super corporate HR people so we dealt with it because we were ultimately powerless.

They work *at* these companies (0)

Anonymous Coward | about a month ago | (#47362193)

It never occurred to any of you to set up some spycams when he moved to a new project? You don't even need to buy overt cams, http://www.lavrsen.dk/foswiki/bin/view/Motion/WebHome will make every webcam that happens to have a view of the lab do the job.

Re:They work *at* these companies (0)

Anonymous Coward | about a month ago | (#47364951)

Are you kidding? The rooms are secure. They can't have what's happening inside be transmitted to the outside. Security personnel can't know what they are working on unless they are cleared to the project too... which they would have to be sitting in the room to watch, though... all they can do is make sure the engineers get into the room safely and it's locked and actually empty when they leave. There are no air vents like in the movies with little Mission Impossible nooks to put fiber optic cables. You can get written up for not having "unclassified" written on a blank CD you bring out of one. There are no phones allowed. But hey, why don't we just walk in with cameras we bought on the internet from some foreign country to keep tabs on one guy without letting everybody else know they are being recorded illegally, and not instantly lose our clearance and our jobs if caught! Brilliant plan.

Even though the room security programs record who is in and for how long at all times they still didn't do anything. Blame red tape and corporate policies, not other engineers that blew the whistle ffs.

Why is the UK missing? (1)

niks42 (768188) | about a month ago | (#47361917)

Are we not worthy of even a tiny mention in the footnote? I feel like I live somewhere that has no influence on the global stage any more. That can't be right. Oh, wait...

Re:Why is the UK missing? (1)

AHuxley (892839) | about a month ago | (#47364885)

Options:
MI6 warned the UK gov and was privately able to secure the power sector over a very long time.
GCHQ was working with the power sector over a very long time.
The UK power sector is air gapped, with unionized staff at each site unreachable by most modern internet code floating around.
All the other nations listed rebuilt their power sectors with a series of open internet connections. Very few top staff members with laptops could complete their tasks off site via the internet at a lower cost.
The only aspect of the UK grid open to networking is billing and secretarial support, due to the age or expert design of the per-site bespoke systems.
GCHQ has a UK-wide super firewall they did not tell anyone about :)

PWNING YOUR MIND by CIA and NY Banksters (0)

Anonymous Coward | about a month ago | (#47362029)

So the bad, bad, bad Russkies are the new BOGEYMAN.

But only if you eat their spam. Otherwise, it is a country which just does not submit itself to Banksters International - the folks who work hard to screw up YOUR life.

remote access trojans (RATs) (1)

Trax3001BBS (2368736) | about a month ago | (#47365085)

autoplay.

DRAGONFLY (1)

Kirth (183) | about a month ago | (#47367107)

NSA operations are spelt with capitals.

Oh, you mean western countries including the U.S., Spain, France, Italy, Germany, Turkey, and Poland are currently the victims of an ongoing cyberespionage campaign, launched by somebody apart from the NSA as well?
